PROBLEM WITH DTLS VERSION 1.2 SERVER SIDE IMPLEMENTATION

Hello,

Can anybody help me? Does the latest Bouncy Castle version, 1.60, support a DTLS 1.2 server-side implementation?

https://www.bouncycastle.org/releasenotes.html
Referring to the comment in the above link:
"Client side support and some server side support has been added for TLS/DTLS 1.2."
Is Bouncy Castle 1.6 (Java) fully compliant with server side DTLS implementation for version V1.2?

I am using libjitsi (which uses Bouncy Castle version 1.54) and would like to bring to your notice the following comment in one of the libjitsi classes, TlsServerImpl:

/**
 * {@inheritDoc}
 *
 * The implementation of <tt>TlsServerImpl</tt> always returns
 * <tt>ProtocolVersion.DTLSv10</tt> because <tt>ProtocolVersion.DTLSv12</tt>
 * does not work with the Bouncy Castle Crypto APIs at the time of this
 * writing.
 */
@Override
protected ProtocolVersion getMaximumVersion()
{
    return ProtocolVersion.DTLSv10;
}

Basically, when I get a Client Hello from the DTLS client with DTLS version v1.2, the DTLS Server sends a Server Hello with DTLS version 1.0 and the Client responds back with "Fatal error : Protocol Version".

Re: PROBLEM WITH DTLS VERSION 1.2 SERVER SIDE IMPLEMENTATION

> On 19 Oct 2018, at 13:09, Zarkar, Nilesh (Contractor) <[hidden email]> wrote:
>
> Hello,
>
> Can anybody help me? Does the latest Bouncy Castle version, 1.60, support a DTLS 1.2 server-side implementation?
>
> https://www.bouncycastle.org/releasenotes.html
> Referring to the comment in the above link:
> "Client side support and some server side support has been added for TLS/DTLS 1.2."
> Is Bouncy Castle 1.6 (Java) fully compliant with server side DTLS implementation for version V1.2?
>
> I am using libjitsi (which uses Bouncy Castle version 1.54) and would like to bring to your notice the following comment in one of the libjitsi classes, TlsServerImpl:
>
> /**
>  * {@inheritDoc}
>  *
>  * The implementation of <tt>TlsServerImpl</tt> always returns
>  * <tt>ProtocolVersion.DTLSv10</tt> because <tt>ProtocolVersion.DTLSv12</tt>
>  * does not work with the Bouncy Castle Crypto APIs at the time of this
>  * writing.
>  */
> @Override
> protected ProtocolVersion getMaximumVersion()
> {
>     return ProtocolVersion.DTLSv10;
> }
>
> Basically, when I get a Client Hello from the DTLS client with DTLS version v1.2, the DTLS Server sends a Server Hello with DTLS version 1.0 and the Client responds back with "Fatal error : Protocol Version".

That seems entirely consistent with a _maximum_ version of 1.0 :-)

I can confirm that 1.60 works OK to serve DTLS 1.2 against WebRTC clients (which is what I assume you want).
However, I've only tested the _new_ org.bouncycastle.tls.* API, not the old deprecated one I think Jitsi is using.
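
The version mismatch discussed in this thread, as an added example that is not part of either post and is not libjitsi or Bouncy Castle code: a small Python parser that reads the hello version out of plaintext DTLS records and reports when a protocol_version alert follows a server answer older than the client's offer. The function names and the sample records are constructed for illustration.

```python
import struct

# DTLS wire versions count downwards: a larger value is an OLDER version.
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
HANDSHAKE, ALERT = 22, 21            # record content types
CLIENT_HELLO, SERVER_HELLO = 1, 2    # handshake message types
PROTOCOL_VERSION = 70                # alert description

def parse_record(data):
    """Summarise one plaintext (epoch 0) DTLS record as (kind, value)."""
    if len(data) < 13:
        raise ValueError("truncated DTLS record header")
    ctype, _ver, _epoch, _seq_hi, _seq_lo, length = struct.unpack("!BHHHIH", data[:13])
    body = data[13:13 + length]
    if len(body) != length:
        raise ValueError("truncated DTLS record body")
    if ctype == ALERT and length == 2:
        return ("alert", body[1])
    # 12-byte DTLS handshake header, then the 2-byte hello version.
    # Assumption: the hello is unfragmented or this is its first fragment.
    if ctype == HANDSHAKE and length >= 14 and body[0] in (CLIENT_HELLO, SERVER_HELLO):
        kind = "client_hello" if body[0] == CLIENT_HELLO else "server_hello"
        return (kind, struct.unpack("!H", body[12:14])[0])
    return ("other", None)

def diagnose(records):
    """Explain a failed handshake from its records, in capture order."""
    seen = {}
    for kind, value in map(parse_record, records):
        seen[kind] = value
        if kind == "alert" and value == PROTOCOL_VERSION:
            offer, choice = seen.get("client_hello"), seen.get("server_hello")
            if offer is not None and choice is not None and choice > offer:
                return "server answered %s to a %s offer; client sent protocol_version" % (
                    DTLS_VERSIONS.get(choice, hex(choice)), DTLS_VERSIONS.get(offer, hex(offer)))
            return "protocol_version alert without a visible downgrade"
    return "no protocol_version alert"

def sample_hello(msg_type, version):
    """Constructed sample: a hello truncated after its 32-byte random."""
    body = struct.pack("!H", version) + bytes(32)
    n = len(body).to_bytes(3, "big")
    hs = bytes([msg_type]) + n + bytes(2) + bytes(3) + n + body
    return struct.pack("!BHHHIH", HANDSHAKE, 0xFEFF, 0, 0, 0, len(hs)) + hs

# Constructed capture of the exchange in the thread (not real traffic).
SAMPLE = [
    sample_hello(CLIENT_HELLO, 0xFEFD), sample_hello(SERVER_HELLO, 0xFEFF),
    struct.pack("!BHHHIH", ALERT, 0xFEFF, 0, 0, 1, 2) + bytes([2, PROTOCOL_VERSION]),
]
```

Calling `diagnose(SAMPLE)` reports the DTLS 1.0 answer to the DTLS 1.2 offer; with the server hello changed to 0xFEFD and no alert record, it reports no version failure.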